DSA-5024-1 apache-log4j2 -- apache-log4j2
ID: oval:org.secpod.oval:def:605712 | Date: (C)2021-12-20 (M)2023-11-10 |
Class: PATCH | Family: unix |
It was found that Apache Log4j2, a logging framework for Java, did not protect against uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup, attackers with control over Thread Context Map input data can craft malicious input data that contains a recursive lookup, resulting in a denial of service.
Platform: |
Debian 10.x |
Debian 11.x |